rexnkaren
asked on
Protecting text fields from html code
I have a client who has been using a HTML form questionaire for quite sometime. Recently she's been receiving 2-3 messages a day through this form with the text fields filled out with html code directing here to porn links etc.
How do I protect the text fields from accepting html code. They should only accept text only. It's a simple html form.
Please advise. Thanks in advance for your input!
How do I protect the text fields from accepting html code. They should only accept text only. It's a simple html form.
Please advise. Thanks in advance for your input!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
if it is simply just emailing her the information, i would suggest adding the freecap captcha to the form. this will prevent any submitions where the person does not enter what they see in the image
http://en.wikipedia.org/wiki/Captcha
http://en.wikipedia.org/wiki/Captcha
ASKER
Thank you. I'll check it out and return to update & award points if appropriate...
ASKER
At first glance I'm seeing any directions on how to use this software. ? I've downloaded but now what?
on the HTML form you would include:
<img id="freecap" src="/freecap/freecap.php" /><br/>
<input type="text" name="captcha" id="captcha" /><br/>
Cannot read the image? <a href="#" onclick="document.getEleme ntById('fr eecap').
src='/guestbook/freecap/fr eecap.php? '+Math.ran dom();">Cl ick Here</a><br/>
in the form submission, you would have:
session_start();
if( !isset($_POST['captcha']) ||
!isset($_SESSION['freecap_ word_hash' ]) ||
$_SESSION['hash_func']($_P OST['captc ha']) != $_SESSION['freecap_word_ha sh'] )
{
unset( $_SESSION['freecap_word_ha sh'] );
die("The word you entered did not match the image.<br/>");
}
you can give more friendly error messages if you want, but that is the basics.
<img id="freecap" src="/freecap/freecap.php"
<input type="text" name="captcha" id="captcha" /><br/>
Cannot read the image? <a href="#" onclick="document.getEleme
src='/guestbook/freecap/fr
in the form submission, you would have:
session_start();
if( !isset($_POST['captcha']) ||
!isset($_SESSION['freecap_
$_SESSION['hash_func']($_P
{
unset( $_SESSION['freecap_word_ha
die("The word you entered did not match the image.<br/>");
}
you can give more friendly error messages if you want, but that is the basics.
ASKER
Hmmm...what did I do wrong? http://www.karenkfisher.com/74_Ranch/questionnairewcaptcha.html
html is not a PHP file
you can only use freecap if you are using PHP for the form handling. you can not put the PHP source code into a static HTML file.
you can only use freecap if you are using PHP for the form handling. you can not put the PHP source code into a static HTML file.
you're also using FormMail.cgi, which I likely to be PERL, not PHP
if you're usign FormMail from Matt's Script Archive, check out http://www.formmail.com/captcha/
ASKER
I'm going to check it out. Please don't give up & desert me. Thank you! (0:
ASKER
Hmm...so, if I want to use the freecap I would need to build a form and submit without formmail? I guess I'll need to check out how to do that. Would you be able to write the code to put all this together? I can write another question so you can have more points. Is that kosher?
you can download sample php form to email script here: http://formtoemail.com/
ASKER